dotfiles/nixos/systems/blowhole/uterranix.nix

53 lines
1.1 KiB
Nix
Raw Normal View History

{ config, inputs, lib, config', pkgs, ... }:
{
imports = [ inputs.uterranix.nixosModules.default ];
uterranix.config = { config, ... }: {
terraform.required_providers = ((a: builtins.break a) config'.flake.uterranix.config.${pkgs.stdenv.system}).terraform.required_providers;
imports = config'.uterranix.modules;
resource."vault_consul_secret_backend_role"."envoy-grafana" = {
name = "envoy-grafana";
backend = "consul";
service_identities = [
"grafana"
"influx"
"telegraf"
];
node_identities = [
"blowhole:homelab-1"
];
};
resource."consul_acl_policy"."envoy-blowhole" = {
name = "envoy-blowhole";
datacenters = [ "homelab-1" ];
rules = ''
mesh = "write"
'';
};
resource."vault_consul_secret_backend_role"."envoy-blowhole" = {
name = "envoy-blowhole";
backend = "consul";
consul_policies = [
config.resource."consul_acl_policy"."envoy-blowhole".name
];
service_identities = [
"telegraf-blowhole"
];
node_identities = [
"blowhole:homelab-1"
];
};
};
}